Gain a working knowledge of Secrets Management from a Kubernetes platform and application perspective to design, implement, and maintain a production-grade hybrid multi-cloud solution including compliance and business continuity
Key Features
- Master secrets encryption with complex life cycle, key rotation, access control, backup, and recovery
- Learn to audit secret consumption, troubleshoot, and optimize for efficiency and compliance
- Manage secrets confidently with real world cases to strengthen applications' security posture
Book Description
Kubernetes IT pros face a challenge in securing containerized app secrets. This book tackles the critical task of safeguarding sensitive data, addressing Kubernetes encryption limitations, and establishing a robust secrets management system for heightened security. With this book, readers will be able to build a production-ready secrets management system for Kubernetes.
The book starts with Kubernetes architecture principles and how they apply to the design of secrets management. You'll dive into advanced Kubernetes concepts, including hands-on security, compliance, risk mitigation, disaster recovery, and backup strategies. Later, you'll learn to mitigate risks and establish robust secrets management with practical, real-world guidance. You'll also explore different types of external secret stores, how to configure them in Kubernetes, and how to integrate them with existing secrets management solutions. Further, you'll design, implement, and operate a secure way of managing sensitive payloads by leveraging real use cases through an iterative process that builds skills, practice, and analytical thinking to define and strengthen the security posture with each solution.
By the end of the book, you'll have a rock-solid secrets management solution to run your business-critical applications in a hybrid multi-cloud scenario, with operational risks, compliance, and controls addressed.
What you will learn
- Explore Kubernetes Secrets, related API objects, and CRUD operations
- Understand Kubernetes Secrets limitations, attack vectors, and mitigations
- Explore encryption at rest, cloud or external secret stores solutions
- Build and operate a production-grade solution with business continuity
- Integrate a Secrets Management solution in your CI/CD pipelines
- Continuously assess the risks and vulnerabilities for each solution
- Apply lessons learned from real use cases implemented by large organizations
- Gain an overview of the latest and future Secret Management trends
Who this book is for
This handbook is a reference for IT professionals interested in a comprehensive guide to designing, implementing, operating, and auditing the secrets consumed across applications and platforms running on Kubernetes. Developer, platform, and security teams familiar with containers and looking to understand how to manage secrets will find in this book a progressive path from foundations to implementation with a security-first mindset. This handbook builds knowledge up to hybrid multi-cloud Kubernetes platforms for organizations concerned with governance and compliance requirements.
Table of Contents
- Understanding Kubernetes Secret Management
- Walking through Kubernetes Secret Management Concepts
- Encrypting secrets in transit and at rest
- Debugging and Troubleshooting Kubernetes Secrets
- Security, Auditing and Compliance
- Disaster Recovery and Backups
- Challenges and Risk for Managing Secrets in Kubernetes Production Environment
- Exploring Secret Storage on AWS
- Exploring Secret Storage on Azure
- Exploring Secret Storage on GCP
Emmanouil Gkatziouras started his career in software as a Java developer. Since 2015, he has worked daily with cloud providers such as GCP, AWS, and Azure, and container orchestration tools such as Kubernetes. He has fulfilled many roles, either in lead positions or as an individual contributor. He enjoys being a versatile engineer and collaborating with development, platform, and architecture teams. He loves to give back to the developer community by contributing to open-source projects and by blogging on various software topics. He is committed to continuous learning and is a holder of certifications such as CKA, CCDAK, PSM, CKAD, and PSO. He is the author of 'A Developer's Essential Guide to Docker Compose'.
Rom Adams (né Romuald Vandepoel) is an open-source and C-suite advisor with 20 years of experience in the IT industry. He is a cloud-native expert who helps organizations modernize and transform with open-source solutions, and he advises companies and lawmakers on their open-source and inner-source strategies. Previously, he was a Principal Architect at Ondat, a cloud-native storage company acquired by Akamai, where he designed products and hybrid cloud solutions; he also held roles at Tyco, NetApp, and Red Hat, becoming a subject matter expert in hybrid cloud. He has been a moderator and speaker at several events, sharing his insights on culture, process, technology adoption, and his passion for open innovation.
Chen Xi is a highly skilled Uber Platform Engineer. As a tech leader, he contributed to the Secret and Key Management Platform service, leading and delivering secrets as a service with a 99.99% SLA for thousands of Uber container services across hybrid environments. His cloud infrastructure expertise is evident from his work on Google Kubernetes Engine (GKE) and the integration of Spire-based PKI systems. Prior to joining Uber, he worked at VMware, where he developed microservices for VMware's hybrid Kubernetes management platform (Tanzu Mission Control) and VMware Kubernetes Engine for multi-cloud (Cloud PKS). Chen is also a contributing author to the Certified Kubernetes Security Specialist (CKS) exam.